Synopsis: ftpd setproctitle vulnerability
NetBSD versions: All
Thanks to: Itojun
Reported in NetBSD Security Advisory: SA2000-009

--- libexec/ftpd/ftpd.c	2000/05/11 10:14:37	1.61.2.2
+++ libexec/ftpd/ftpd.c	2000/07/08 18:58:10	1.61.2.3
@@ -712,7 +712,7 @@
 		    "%s: anonymous/%.*s", remotehost,
 		    (int) (sizeof(proctitle) - sizeof(remotehost) -
 		    sizeof(": anonymous/")), passwd);
-		setproctitle(proctitle);
+		setproctitle("%s", proctitle);
 #endif /* HASSETPROCTITLE */
 		if (logging)
 			syslog(LOG_INFO, "ANONYMOUS FTP LOGIN FROM %s, %s",
@@ -722,7 +722,7 @@
 #ifdef HASSETPROCTITLE
 		snprintf(proctitle, sizeof(proctitle),
 		    "%s: %s", remotehost, pw->pw_name);
-		setproctitle(proctitle);
+		setproctitle("%s", proctitle);
 #endif /* HASSETPROCTITLE */
 		if (logging)
 			syslog(LOG_INFO, "FTP LOGIN FROM %s as %s",
@@ -1507,7 +1507,7 @@
 	remotehost[sizeof(remotehost) - 1] = '\0';
 #ifdef HASSETPROCTITLE
 	snprintf(proctitle, sizeof(proctitle), "%s: connected", remotehost);
-	setproctitle(proctitle);
+	setproctitle("%s", proctitle);
 #endif /* HASSETPROCTITLE */
 
 	if (logging)